Network security is an important task of network management. One threat to network security is the propagation of malware (malicious software). One type, topological-scanning malware, spreads using topology information. The focus of this work is on modeling the spread of topological malware, which is important for understanding its potential damage and for developing countermeasures to protect the network infrastructure. Our model is motivated by probabilistic graphs, which have been widely investigated in machine learning. We first use a graphical representation to abstract the propagation of malware that employs different scanning methods. We then use a spatial-temporal random process to describe the statistical dependence of malware propagation in arbitrary topologies. As the spatial dependence is particularly difficult to characterize, the problem becomes how to use simple (i.e., biased) models to approximate the spatially dependent process. In particular, we propose the independent model and the Markov model as simple approximations. We conduct both theoretical analysis and extensive simulations on large networks, using both real measurements and synthesized topologies, to test the performance of the proposed models. Our results show that the independent model can capture temporal dependence and detailed topology information and, thus, outperforms the previous models, whereas the Markov model incorporates a certain spatial dependence and, thus, achieves greater accuracy in characterizing both transient and equilibrium behaviors of malware propagation.